[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
(usagi-users 03055) IPv4, IPv6 netfilter consolidation (?)
- To: usagi-users@xxxxxxxxxxxxxx
- Subject: (usagi-users 03055) IPv4, IPv6 netfilter consolidation (?)
- From: Michal Rokos <michal@xxxxxxxxxx>
- Date: Fri, 1 Oct 2004 18:45:16 +0200
- Reply-to: usagi-users@xxxxxxxxxxxxxx
- Resent-date: Sat, 2 Oct 2004 16:51:12 +0900
- Resent-from: sekiya@xxxxxxxxxxxxxx
- Resent-message-id: <200410021651.FMLAAB16984.usagi-users@linux-ipv6.org>
- Resent-to: usagi-users@xxxxxxxxxxxxxx (moderated)
- User-agent: KMail/1.7
Hi,
I've been looking into IPv6 state-full netfilter and noticed that the
code is about 80% the same as IPv4 one.
I'm toying with idea to merge it together to save time with maintaining
and propagating changes from IPv4 to IPv6 code.
My plan is to:
round 1) unite headers when applicable
- all IP-indep values will have a prefix 'IP', IPv4-specific ones have
'IP4', and IPv6-spec ones have 'IP6'
- code bases (state-full IPv6 code) will remain duplicated
round 2) unite code
- naming will be the same as above
=======================================================================
An example:
include/linux/netfilter_ipv4/ip_conntrack_tuple.h
/* This contains the information to distinguish a connection. */
struct ip_conntrack_tuple
{
struct ip_conntrack_manip src;
/* These are the parts of the tuple which are fixed. */
struct {
u_int32_t ip;
union {
/* Add other protocols here. */
u_int16_t all;
struct {
u_int16_t port;
} tcp;
struct {
u_int16_t port;
} udp;
struct {
u_int8_t type, code;
} icmp;
struct {
u_int16_t port;
} sctp;
} u;
/* The protocol. */
u_int16_t protonum;
} dst;
};
will become
include/linux/netfilter_ip/ip_conntrack_tuple.h - Note the location
change!
/* This contains the information to distinguish a connection. */
struct ip_conntrack_tuple
{
struct ip_conntrack_manip src;
/* These are the parts of the tuple which are fixed. */
struct {
union { /* union to hold IPv{46} adresses */
u_int32_t v4; /* is naming OK? */
struct in6_addr v6; /* is naming OK? */
} ip;
union {
/* Add other protocols here. */
u_int16_t all;
struct {
u_int16_t port;
} tcp;
struct {
u_int16_t port;
} udp;
struct {
u_int8_t type, code;
} icmp;
struct {
u_int16_t port;
} sctp;
} u;
/* The protocol. */
u_int16_t protonum;
} dst;
};
=======================================================================
As a preview I united include/linux/netfilter_ipv4.h and
include/linux/netfilter_ipv6.h into include/linux/netfilter_ip.h and
made it compile.
(Patch is against the one I sent before as (usagi-users 03052))
Question is:
- is it desirable to 'unite' the code bases?
- could the unification result look like this?
- am I wasting my/yours time?
Thank you for your comments
Michal
# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
# 2004/10/01 15:42:28+02:00 michal@xxxxxxxxxxxxxx
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# include/linux/netfilter_ip.h
# 2004/10/01 15:42:07+02:00 michal@xxxxxxxxxxxxxx +93 -0
#
# net/ipv6/sit.c
# 2004/10/01 15:42:07+02:00 michal@xxxxxxxxxxxxxx +1 -1
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv6/raw.c
# 2004/10/01 15:42:07+02:00 michal@xxxxxxxxxxxxxx +2 -3
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv6/netfilter/ip6table_raw.c
# 2004/10/01 15:42:07+02:00 michal@xxxxxxxxxxxxxx +9 -9
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv6/netfilter/ip6table_mangle.c
# 2004/10/01 15:42:07+02:00 michal@xxxxxxxxxxxxxx +25 -25
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv6/netfilter/ip6table_filter.c
# 2004/10/01 15:42:07+02:00 michal@xxxxxxxxxxxxxx +13 -13
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv6/netfilter/ip6t_owner.c
# 2004/10/01 15:42:07+02:00 michal@xxxxxxxxxxxxxx +1 -1
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv6/netfilter/ip6t_mac.c
# 2004/10/01 15:42:07+02:00 michal@xxxxxxxxxxxxxx +2 -2
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv6/netfilter/ip6t_eui64.c
# 2004/10/01 15:42:07+02:00 michal@xxxxxxxxxxxxxx +2 -2
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv6/netfilter/ip6t_REJECT.c
# 2004/10/01 15:42:07+02:00 michal@xxxxxxxxxxxxxx +5 -5
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv6/netfilter/ip6_tables.c
# 2004/10/01 15:42:07+02:00 michal@xxxxxxxxxxxxxx +10 -10
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv6/netfilter/ip6_conntrack_standalone.c
# 2004/10/01 15:42:07+02:00 michal@xxxxxxxxxxxxxx +11 -12
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv6/netfilter/ip6_conntrack_reasm.c
# 2004/10/01 15:42:07+02:00 michal@xxxxxxxxxxxxxx +1 -2
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv6/netfilter/ip6_conntrack_core.c
# 2004/10/01 15:42:07+02:00 michal@xxxxxxxxxxxxxx +1 -2
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv6/ndisc.c
# 2004/10/01 15:42:07+02:00 michal@xxxxxxxxxxxxxx +5 -6
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv6/mcast.c
# 2004/10/01 15:42:07+02:00 michal@xxxxxxxxxxxxxx +3 -4
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv6/ip6_tunnel.c
# 2004/10/01 15:42:07+02:00 michal@xxxxxxxxxxxxxx +2 -2
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv6/ip6_output.c
# 2004/10/01 15:42:07+02:00 michal@xxxxxxxxxxxxxx +6 -7
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv6/ip6_input.c
# 2004/10/01 15:42:07+02:00 michal@xxxxxxxxxxxxxx +3 -4
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv4/route.c
# 2004/10/01 15:42:07+02:00 michal@xxxxxxxxxxxxxx +1 -1
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv4/raw.c
# 2004/10/01 15:42:07+02:00 michal@xxxxxxxxxxxxxx +1 -1
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv4/netfilter/ipt_SAME.c
# 2004/10/01 15:42:07+02:00 michal@xxxxxxxxxxxxxx +1 -2
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv4/netfilter/ipt_REDIRECT.c
# 2004/10/01 15:42:07+02:00 michal@xxxxxxxxxxxxxx +1 -2
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv4/netfilter/ipt_NETMAP.c
# 2004/10/01 15:42:07+02:00 michal@xxxxxxxxxxxxxx +1 -2
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv4/netfilter/ipt_MASQUERADE.c
# 2004/10/01 15:42:07+02:00 michal@xxxxxxxxxxxxxx +1 -2
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv4/netfilter/ip_nat_tftp.c
# 2004/10/01 15:42:07+02:00 michal@xxxxxxxxxxxxxx +1 -1
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv4/netfilter/ip_nat_standalone.c
# 2004/10/01 15:42:07+02:00 michal@xxxxxxxxxxxxxx +1 -2
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv4/netfilter/ip_nat_snmp_basic.c
# 2004/10/01 15:42:07+02:00 michal@xxxxxxxxxxxxxx +1 -1
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv4/netfilter/ip_nat_rule.c
# 2004/10/01 15:42:07+02:00 michal@xxxxxxxxxxxxxx +1 -2
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv4/netfilter/ip_nat_irc.c
# 2004/10/01 15:42:07+02:00 michal@xxxxxxxxxxxxxx +1 -1
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv4/netfilter/ip_nat_helper.c
# 2004/10/01 15:42:07+02:00 michal@xxxxxxxxxxxxxx +1 -1
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv4/netfilter/ip_nat_ftp.c
# 2004/10/01 15:42:07+02:00 michal@xxxxxxxxxxxxxx +1 -1
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# include/linux/netfilter_ip.h
# 2004/10/01 15:42:07+02:00 michal@xxxxxxxxxxxxxx +0 -0
# BitKeeper file /home/michal/WORK/devel/bk/linux-2.6-netfilter/include/linux/netfilter_ip.h
#
# net/ipv4/netfilter/ip_nat_core.c
# 2004/10/01 15:42:06+02:00 michal@xxxxxxxxxxxxxx +1 -1
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv4/netfilter/ip_nat_amanda.c
# 2004/10/01 15:42:06+02:00 michal@xxxxxxxxxxxxxx +1 -2
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv4/netfilter/ip_fw_compat_masq.c
# 2004/10/01 15:42:06+02:00 michal@xxxxxxxxxxxxxx +1 -1
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv4/netfilter/ip_fw_compat.c
# 2004/10/01 15:42:06+02:00 michal@xxxxxxxxxxxxxx +1 -1
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv4/netfilter/ip_conntrack_standalone.c
# 2004/10/01 15:42:06+02:00 michal@xxxxxxxxxxxxxx +1 -2
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv4/netfilter/ip_conntrack_proto_udp.c
# 2004/10/01 15:42:06+02:00 michal@xxxxxxxxxxxxxx +1 -3
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv4/netfilter/ip_conntrack_proto_tcp.c
# 2004/10/01 15:42:06+02:00 michal@xxxxxxxxxxxxxx +1 -3
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv4/netfilter/ip_conntrack_proto_icmp.c
# 2004/10/01 15:42:06+02:00 michal@xxxxxxxxxxxxxx +1 -3
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv4/netfilter/ip_conntrack_core.c
# 2004/10/01 15:42:06+02:00 michal@xxxxxxxxxxxxxx +1 -2
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv4/ipmr.c
# 2004/10/01 15:42:06+02:00 michal@xxxxxxxxxxxxxx +1 -1
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv4/ipip.c
# 2004/10/01 15:42:06+02:00 michal@xxxxxxxxxxxxxx +1 -1
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv4/ip_output.c
# 2004/10/01 15:42:06+02:00 michal@xxxxxxxxxxxxxx +1 -1
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv4/ip_input.c
# 2004/10/01 15:42:06+02:00 michal@xxxxxxxxxxxxxx +1 -1
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv4/ip_gre.c
# 2004/10/01 15:42:06+02:00 michal@xxxxxxxxxxxxxx +1 -1
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv4/ip_fragment.c
# 2004/10/01 15:42:06+02:00 michal@xxxxxxxxxxxxxx +1 -1
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv4/ip_forward.c
# 2004/10/01 15:42:06+02:00 michal@xxxxxxxxxxxxxx +1 -1
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv4/igmp.c
# 2004/10/01 15:42:06+02:00 michal@xxxxxxxxxxxxxx +1 -1
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv4/icmp.c
# 2004/10/01 15:42:06+02:00 michal@xxxxxxxxxxxxxx +1 -1
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# net/ipv4/af_inet.c
# 2004/10/01 15:42:06+02:00 michal@xxxxxxxxxxxxxx +1 -1
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# include/linux/netfilter_ipv6/ip6_tables.h
# 2004/10/01 15:42:06+02:00 michal@xxxxxxxxxxxxxx +5 -5
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# include/linux/netfilter_ipv4/ip_tables.h
# 2004/10/01 15:42:06+02:00 michal@xxxxxxxxxxxxxx +1 -1
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# include/linux/netfilter_ipv4/ip_nat.h
# 2004/10/01 15:42:06+02:00 michal@xxxxxxxxxxxxxx +1 -1
# Unite include/linux/netfilter_ipv4.h
# and include/linux/netfilter_ipv6.h
# under include/linux/netfilter_ip.h
#
# BitKeeper/deleted/.del-netfilter_ipv6.h~a0c37633d74c97c4
# 2004/10/01 14:24:31+02:00 michal@xxxxxxxxxxxxxx +0 -0
# Delete: include/linux/netfilter_ipv6.h
#
# BitKeeper/deleted/.del-netfilter_ipv4.h~4504ea46c830584
# 2004/10/01 14:24:31+02:00 michal@xxxxxxxxxxxxxx +0 -0
# Delete: include/linux/netfilter_ipv4.h
#
diff -Nru a/include/linux/netfilter_ip.h b/include/linux/netfilter_ip.h
--- /dev/null Wed Dec 31 16:00:00 196900
+++ b/include/linux/netfilter_ip.h 2004-10-01 15:44:14 +02:00
@@ -0,0 +1,93 @@
+#ifndef __LINUX_IP_NETFILTER_H
+#define __LINUX_IP_NETFILTER_H
+
+/*
+ * IPv4 & IPv6-specific defines for netfilter.
+ * (C)1998 Rusty Russell -- This code is GPL.
+ * (C)1999 David Jeffery
+ * Touched by Michal Rokos
+ */
+
+#include <linux/config.h>
+#include <linux/netfilter.h>
+
+/* IP Cache bits. */
+/* Src IP address. */
+#define NFC_IP_SRC 0x0001
+/* Dest IP address. */
+#define NFC_IP_DST 0x0002
+/* Input device. */
+#define NFC_IP_IF_IN 0x0004
+/* Output device. */
+#define NFC_IP_IF_OUT 0x0008
+/* TOS. */
+#define NFC_IP_TOS 0x0010
+/* Protocol. */
+#define NFC_IP_PROTO 0x0020
+/* IP options. */
+#define NFC_IP_OPTIONS 0x0040
+/* Frag & flags. */
+#define NFC_IP_FRAG 0x0080
+
+/* Per-protocol information: only matters if proto match. */
+/* TCP flags. */
+#define NFC_IP_TCPFLAGS 0x0100
+/* Source port. */
+#define NFC_IP_SRC_PT 0x0200
+/* Dest port. */
+#define NFC_IP_DST_PT 0x0400
+/* Something else about the proto */
+#define NFC_IP_PROTO_UNKNOWN 0x2000
+
+/* IP Hooks */
+/* After promisc drops, checksum checks. */
+#define NF_IP_PRE_ROUTING 0
+/* If the packet is destined for this box. */
+#define NF_IP_LOCAL_IN 1
+/* If the packet is destined for another interface. */
+#define NF_IP_FORWARD 2
+/* Packets coming from a local process. */
+#define NF_IP_LOCAL_OUT 3
+/* Packets about to hit the wire. */
+#define NF_IP_POST_ROUTING 4
+#define NF_IP_NUMHOOKS 5
+
+enum nf_ip_hook_priorities {
+ NF_IP_PRI_FIRST = INT_MIN,
+ NF_IP_PRI_CONNTRACK_DEFRAG = -400,
+ NF_IP_PRI_RAW = -300,
+ NF_IP_PRI_SELINUX_FIRST = -225,
+ NF_IP_PRI_CONNTRACK = -200,
+ NF_IP_PRI_BRIDGE_SABOTAGE_FORWARD = -175,
+ NF_IP_PRI_MANGLE = -150,
+ NF_IP_PRI_NAT_DST = -100,
+ NF_IP_PRI_BRIDGE_SABOTAGE_LOCAL_OUT = -50,
+ NF_IP_PRI_FILTER = 0,
+ NF_IP_PRI_NAT_SRC = 100,
+ NF_IP_PRI_SELINUX_LAST = 225,
+ NF_IP_PRI_LAST = INT_MAX,
+};
+
+/* Arguments for setsockopt SOL_IP: */
+/* 2.0 firewalling went from 64 through 71 (and +256, +512, etc). */
+/* 2.2 firewalling (+ masq) went from 64 through 76 */
+/* 2.4 firewalling went 64 through 67. */
+#define SO_ORIGINAL_DST 80
+
+#ifdef __KERNEL__
+#ifdef CONFIG_NETFILTER_DEBUG
+void nf_debug_ip_local_deliver(struct sk_buff *skb);
+void nf_debug_ip_loopback_xmit(struct sk_buff *newskb);
+void nf_debug_ip_finish_output2(struct sk_buff *skb);
+#endif /*CONFIG_NETFILTER_DEBUG*/
+
+extern int ip_route_me_harder(struct sk_buff **pskb);
+
+/* Call this before modifying an existing IP packet: ensures it is
+ modifiable and linear to the point you care about (writable_len).
+ Returns true or false. */
+extern int skb_ip_make_writable(struct sk_buff **pskb,
+ unsigned int writable_len);
+#endif /*__KERNEL__*/
+
+#endif /*__LINUX_IP_NETFILTER_H*/
diff -Nru a/include/linux/netfilter_ipv4/ip_nat.h b/include/linux/netfilter_ipv4/ip_nat.h
--- a/include/linux/netfilter_ipv4/ip_nat.h 2004-10-01 15:44:14 +02:00
+++ b/include/linux/netfilter_ipv4/ip_nat.h 2004-10-01 15:44:14 +02:00
@@ -1,6 +1,6 @@
#ifndef _IP_NAT_H
#define _IP_NAT_H
-#include <linux/netfilter_ipv4.h>
+#include <linux/netfilter_ip.h>
#include <linux/netfilter_ipv4/ip_conntrack_tuple.h>
#define IP_NAT_MAPPING_TYPE_MAX_NAMELEN 16
diff -Nru a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h
--- a/include/linux/netfilter_ipv4/ip_tables.h 2004-10-01 15:44:14 +02:00
+++ b/include/linux/netfilter_ipv4/ip_tables.h 2004-10-01 15:44:14 +02:00
@@ -23,7 +23,7 @@
#include <linux/skbuff.h>
#endif
#include <linux/compiler.h>
-#include <linux/netfilter_ipv4.h>
+#include <linux/netfilter_ip.h>
#define IPT_FUNCTION_MAXNAMELEN 30
#define IPT_TABLE_MAXNAMELEN 32
diff -Nru a/include/linux/netfilter_ipv4.h b/include/linux/netfilter_ipv4.h
--- a/include/linux/netfilter_ipv4.h 2004-10-01 15:44:14 +02:00
+++ /dev/null Wed Dec 31 16:00:00 196900
@@ -1,90 +0,0 @@
-#ifndef __LINUX_IP_NETFILTER_H
-#define __LINUX_IP_NETFILTER_H
-
-/* IPv4-specific defines for netfilter.
- * (C)1998 Rusty Russell -- This code is GPL.
- */
-
-#include <linux/config.h>
-#include <linux/netfilter.h>
-
-/* IP Cache bits. */
-/* Src IP address. */
-#define NFC_IP_SRC 0x0001
-/* Dest IP address. */
-#define NFC_IP_DST 0x0002
-/* Input device. */
-#define NFC_IP_IF_IN 0x0004
-/* Output device. */
-#define NFC_IP_IF_OUT 0x0008
-/* TOS. */
-#define NFC_IP_TOS 0x0010
-/* Protocol. */
-#define NFC_IP_PROTO 0x0020
-/* IP options. */
-#define NFC_IP_OPTIONS 0x0040
-/* Frag & flags. */
-#define NFC_IP_FRAG 0x0080
-
-/* Per-protocol information: only matters if proto match. */
-/* TCP flags. */
-#define NFC_IP_TCPFLAGS 0x0100
-/* Source port. */
-#define NFC_IP_SRC_PT 0x0200
-/* Dest port. */
-#define NFC_IP_DST_PT 0x0400
-/* Something else about the proto */
-#define NFC_IP_PROTO_UNKNOWN 0x2000
-
-/* IP Hooks */
-/* After promisc drops, checksum checks. */
-#define NF_IP_PRE_ROUTING 0
-/* If the packet is destined for this box. */
-#define NF_IP_LOCAL_IN 1
-/* If the packet is destined for another interface. */
-#define NF_IP_FORWARD 2
-/* Packets coming from a local process. */
-#define NF_IP_LOCAL_OUT 3
-/* Packets about to hit the wire. */
-#define NF_IP_POST_ROUTING 4
-#define NF_IP_NUMHOOKS 5
-
-enum nf_ip_hook_priorities {
- NF_IP_PRI_FIRST = INT_MIN,
- NF_IP_PRI_CONNTRACK_DEFRAG = -400,
- NF_IP_PRI_RAW = -300,
- NF_IP_PRI_SELINUX_FIRST = -225,
- NF_IP_PRI_CONNTRACK = -200,
- NF_IP_PRI_BRIDGE_SABOTAGE_FORWARD = -175,
- NF_IP_PRI_MANGLE = -150,
- NF_IP_PRI_NAT_DST = -100,
- NF_IP_PRI_BRIDGE_SABOTAGE_LOCAL_OUT = -50,
- NF_IP_PRI_FILTER = 0,
- NF_IP_PRI_NAT_SRC = 100,
- NF_IP_PRI_SELINUX_LAST = 225,
- NF_IP_PRI_LAST = INT_MAX,
-};
-
-/* Arguments for setsockopt SOL_IP: */
-/* 2.0 firewalling went from 64 through 71 (and +256, +512, etc). */
-/* 2.2 firewalling (+ masq) went from 64 through 76 */
-/* 2.4 firewalling went 64 through 67. */
-#define SO_ORIGINAL_DST 80
-
-#ifdef __KERNEL__
-#ifdef CONFIG_NETFILTER_DEBUG
-void nf_debug_ip_local_deliver(struct sk_buff *skb);
-void nf_debug_ip_loopback_xmit(struct sk_buff *newskb);
-void nf_debug_ip_finish_output2(struct sk_buff *skb);
-#endif /*CONFIG_NETFILTER_DEBUG*/
-
-extern int ip_route_me_harder(struct sk_buff **pskb);
-
-/* Call this before modifying an existing IP packet: ensures it is
- modifiable and linear to the point you care about (writable_len).
- Returns true or false. */
-extern int skb_ip_make_writable(struct sk_buff **pskb,
- unsigned int writable_len);
-#endif /*__KERNEL__*/
-
-#endif /*__LINUX_IP_NETFILTER_H*/
diff -Nru a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h
--- a/include/linux/netfilter_ipv6/ip6_tables.h 2004-10-01 15:44:14 +02:00
+++ b/include/linux/netfilter_ipv6/ip6_tables.h 2004-10-01 15:44:14 +02:00
@@ -23,7 +23,7 @@
#include <linux/skbuff.h>
#endif
#include <linux/compiler.h>
-#include <linux/netfilter_ipv6.h>
+#include <linux/netfilter_ip.h>
#define IP6T_FUNCTION_MAXNAMELEN 30
#define IP6T_TABLE_MAXNAMELEN 32
@@ -221,10 +221,10 @@
unsigned int valid_hooks;
/* Hook entry points: one per netfilter hook. */
- unsigned int hook_entry[NF_IP6_NUMHOOKS];
+ unsigned int hook_entry[NF_IP_NUMHOOKS];
/* Underflow points. */
- unsigned int underflow[NF_IP6_NUMHOOKS];
+ unsigned int underflow[NF_IP_NUMHOOKS];
/* Number of entries */
unsigned int num_entries;
@@ -250,10 +250,10 @@
unsigned int size;
/* Hook entry points. */
- unsigned int hook_entry[NF_IP6_NUMHOOKS];
+ unsigned int hook_entry[NF_IP_NUMHOOKS];
/* Underflow points. */
- unsigned int underflow[NF_IP6_NUMHOOKS];
+ unsigned int underflow[NF_IP_NUMHOOKS];
/* Information about old entries: */
/* Number of counters (must be equal to current number of entries). */
diff -Nru a/include/linux/netfilter_ipv6.h b/include/linux/netfilter_ipv6.h
--- a/include/linux/netfilter_ipv6.h 2004-10-01 15:44:14 +02:00
+++ /dev/null Wed Dec 31 16:00:00 196900
@@ -1,71 +0,0 @@
-#ifndef __LINUX_IP6_NETFILTER_H
-#define __LINUX_IP6_NETFILTER_H
-
-/* IPv6-specific defines for netfilter.
- * (C)1998 Rusty Russell -- This code is GPL.
- * (C)1999 David Jeffery
- * this header was blatantly ripped from netfilter_ipv4.h
- * it's amazing what adding a bunch of 6s can do =8^)
- */
-
-#include <linux/netfilter.h>
-
-/* IP Cache bits. */
-/* Src IP address. */
-#define NFC_IP6_SRC 0x0001
-/* Dest IP address. */
-#define NFC_IP6_DST 0x0002
-/* Input device. */
-#define NFC_IP6_IF_IN 0x0004
-/* Output device. */
-#define NFC_IP6_IF_OUT 0x0008
-/* TOS. */
-#define NFC_IP6_TOS 0x0010
-/* Protocol. */
-#define NFC_IP6_PROTO 0x0020
-/* IP options. */
-#define NFC_IP6_OPTIONS 0x0040
-/* Frag & flags. */
-#define NFC_IP6_FRAG 0x0080
-
-
-/* Per-protocol information: only matters if proto match. */
-/* TCP flags. */
-#define NFC_IP6_TCPFLAGS 0x0100
-/* Source port. */
-#define NFC_IP6_SRC_PT 0x0200
-/* Dest port. */
-#define NFC_IP6_DST_PT 0x0400
-/* Something else about the proto */
-#define NFC_IP6_PROTO_UNKNOWN 0x2000
-
-
-/* IP6 Hooks */
-/* After promisc drops, checksum checks. */
-#define NF_IP6_PRE_ROUTING 0
-/* If the packet is destined for this box. */
-#define NF_IP6_LOCAL_IN 1
-/* If the packet is destined for another interface. */
-#define NF_IP6_FORWARD 2
-/* Packets coming from a local process. */
-#define NF_IP6_LOCAL_OUT 3
-/* Packets about to hit the wire. */
-#define NF_IP6_POST_ROUTING 4
-#define NF_IP6_NUMHOOKS 5
-
-
-enum nf_ip6_hook_priorities {
- NF_IP6_PRI_FIRST = INT_MIN,
- NF_IP6_PRI_SELINUX_FIRST = -225,
- NF_IP6_PRI_CONNTRACK = -200,
- NF_IP6_PRI_BRIDGE_SABOTAGE_FORWARD = -175,
- NF_IP6_PRI_MANGLE = -150,
- NF_IP6_PRI_NAT_DST = -100,
- NF_IP6_PRI_BRIDGE_SABOTAGE_LOCAL_OUT = -50,
- NF_IP6_PRI_FILTER = 0,
- NF_IP6_PRI_NAT_SRC = 100,
- NF_IP6_PRI_SELINUX_LAST = 225,
- NF_IP6_PRI_LAST = INT_MAX,
-};
-
-#endif /*__LINUX_IP6_NETFILTER_H*/
diff -Nru a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
--- a/net/ipv4/af_inet.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv4/af_inet.c 2004-10-01 15:44:14 +02:00
@@ -86,7 +86,7 @@
#include <linux/stat.h>
#include <linux/init.h>
#include <linux/poll.h>
-#include <linux/netfilter_ipv4.h>
+#include <linux/netfilter_ip.h>
#include <asm/uaccess.h>
#include <asm/system.h>
diff -Nru a/net/ipv4/icmp.c b/net/ipv4/icmp.c
--- a/net/ipv4/icmp.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv4/icmp.c 2004-10-01 15:44:14 +02:00
@@ -75,7 +75,7 @@
#include <linux/inet.h>
#include <linux/netdevice.h>
#include <linux/string.h>
-#include <linux/netfilter_ipv4.h>
+#include <linux/netfilter_ip.h>
#include <net/snmp.h>
#include <net/ip.h>
#include <net/route.h>
diff -Nru a/net/ipv4/igmp.c b/net/ipv4/igmp.c
--- a/net/ipv4/igmp.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv4/igmp.c 2004-10-01 15:44:14 +02:00
@@ -96,7 +96,7 @@
#include <net/route.h>
#include <net/sock.h>
#include <net/checksum.h>
-#include <linux/netfilter_ipv4.h>
+#include <linux/netfilter_ip.h>
#ifdef CONFIG_IP_MROUTE
#include <linux/mroute.h>
#endif
diff -Nru a/net/ipv4/ip_forward.c b/net/ipv4/ip_forward.c
--- a/net/ipv4/ip_forward.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv4/ip_forward.c 2004-10-01 15:44:14 +02:00
@@ -36,7 +36,7 @@
#include <net/icmp.h>
#include <linux/tcp.h>
#include <linux/udp.h>
-#include <linux/netfilter_ipv4.h>
+#include <linux/netfilter_ip.h>
#include <net/checksum.h>
#include <linux/route.h>
#include <net/route.h>
diff -Nru a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
--- a/net/ipv4/ip_fragment.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv4/ip_fragment.c 2004-10-01 15:44:14 +02:00
@@ -41,7 +41,7 @@
#include <linux/tcp.h>
#include <linux/udp.h>
#include <linux/inet.h>
-#include <linux/netfilter_ipv4.h>
+#include <linux/netfilter_ip.h>
/* NOTE. Logic of IP defragmentation is parallel to corresponding IPv6
* code now. If you change something here, _PLEASE_ update ipv6/reassembly.c
diff -Nru a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
--- a/net/ipv4/ip_gre.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv4/ip_gre.c 2004-10-01 15:44:14 +02:00
@@ -27,7 +27,7 @@
#include <linux/in6.h>
#include <linux/inetdevice.h>
#include <linux/igmp.h>
-#include <linux/netfilter_ipv4.h>
+#include <linux/netfilter_ip.h>
#include <net/sock.h>
#include <net/ip.h>
diff -Nru a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c
--- a/net/ipv4/ip_input.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv4/ip_input.c 2004-10-01 15:44:14 +02:00
@@ -141,7 +141,7 @@
#include <net/icmp.h>
#include <net/raw.h>
#include <net/checksum.h>
-#include <linux/netfilter_ipv4.h>
+#include <linux/netfilter_ip.h>
#include <net/xfrm.h>
#include <linux/mroute.h>
#include <linux/netlink.h>
diff -Nru a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
--- a/net/ipv4/ip_output.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv4/ip_output.c 2004-10-01 15:44:14 +02:00
@@ -80,7 +80,7 @@
#include <net/inetpeer.h>
#include <net/checksum.h>
#include <linux/igmp.h>
-#include <linux/netfilter_ipv4.h>
+#include <linux/netfilter_ip.h>
#include <linux/netfilter_bridge.h>
#include <linux/mroute.h>
#include <linux/netlink.h>
diff -Nru a/net/ipv4/ipip.c b/net/ipv4/ipip.c
--- a/net/ipv4/ipip.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv4/ipip.c 2004-10-01 15:44:14 +02:00
@@ -107,7 +107,7 @@
#include <linux/if_arp.h>
#include <linux/mroute.h>
#include <linux/init.h>
-#include <linux/netfilter_ipv4.h>
+#include <linux/netfilter_ip.h>
#include <net/sock.h>
#include <net/ip.h>
diff -Nru a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c
--- a/net/ipv4/ipmr.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv4/ipmr.c 2004-10-01 15:44:14 +02:00
@@ -58,7 +58,7 @@
#include <net/raw.h>
#include <linux/notifier.h>
#include <linux/if_arp.h>
-#include <linux/netfilter_ipv4.h>
+#include <linux/netfilter_ip.h>
#include <net/ipip.h>
#include <net/checksum.h>
diff -Nru a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c
--- a/net/ipv4/netfilter/ip_conntrack_core.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv4/netfilter/ip_conntrack_core.c 2004-10-01 15:44:14 +02:00
@@ -21,8 +21,7 @@
#include <linux/types.h>
#include <linux/icmp.h>
#include <linux/ip.h>
-#include <linux/netfilter.h>
-#include <linux/netfilter_ipv4.h>
+#include <linux/netfilter_ip.h>
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/proc_fs.h>
diff -Nru a/net/ipv4/netfilter/ip_conntrack_proto_icmp.c b/net/ipv4/netfilter/ip_conntrack_proto_icmp.c
--- a/net/ipv4/netfilter/ip_conntrack_proto_icmp.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv4/netfilter/ip_conntrack_proto_icmp.c 2004-10-01 15:44:14 +02:00
@@ -9,14 +9,12 @@
#include <linux/types.h>
#include <linux/sched.h>
#include <linux/timer.h>
-#include <linux/netfilter.h>
#include <linux/in.h>
#include <linux/icmp.h>
#include <linux/seq_file.h>
#include <net/ip.h>
#include <net/checksum.h>
-#include <linux/netfilter.h>
-#include <linux/netfilter_ipv4.h>
+#include <linux/netfilter_ip.h>
#include <linux/netfilter_ipv4/ip_conntrack.h>
#include <linux/netfilter_ipv4/ip_conntrack_core.h>
#include <linux/netfilter_ipv4/ip_conntrack_protocol.h>
diff -Nru a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
--- a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c 2004-10-01 15:44:14 +02:00
@@ -23,7 +23,6 @@
#include <linux/types.h>
#include <linux/sched.h>
#include <linux/timer.h>
-#include <linux/netfilter.h>
#include <linux/module.h>
#include <linux/in.h>
#include <linux/ip.h>
@@ -32,8 +31,7 @@
#include <net/tcp.h>
-#include <linux/netfilter.h>
-#include <linux/netfilter_ipv4.h>
+#include <linux/netfilter_ip.h>
#include <linux/netfilter_ipv4/ip_conntrack.h>
#include <linux/netfilter_ipv4/ip_conntrack_protocol.h>
#include <linux/netfilter_ipv4/lockhelp.h>
diff -Nru a/net/ipv4/netfilter/ip_conntrack_proto_udp.c b/net/ipv4/netfilter/ip_conntrack_proto_udp.c
--- a/net/ipv4/netfilter/ip_conntrack_proto_udp.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv4/netfilter/ip_conntrack_proto_udp.c 2004-10-01 15:44:14 +02:00
@@ -9,13 +9,11 @@
#include <linux/types.h>
#include <linux/sched.h>
#include <linux/timer.h>
-#include <linux/netfilter.h>
#include <linux/in.h>
#include <linux/udp.h>
#include <linux/seq_file.h>
#include <net/checksum.h>
-#include <linux/netfilter.h>
-#include <linux/netfilter_ipv4.h>
+#include <linux/netfilter_ip.h>
#include <linux/netfilter_ipv4/ip_conntrack_protocol.h>
unsigned long ip_ct_udp_timeout = 30*HZ;
diff -Nru a/net/ipv4/netfilter/ip_conntrack_standalone.c b/net/ipv4/netfilter/ip_conntrack_standalone.c
--- a/net/ipv4/netfilter/ip_conntrack_standalone.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv4/netfilter/ip_conntrack_standalone.c 2004-10-01 15:44:14 +02:00
@@ -15,8 +15,7 @@
#include <linux/config.h>
#include <linux/types.h>
#include <linux/ip.h>
-#include <linux/netfilter.h>
-#include <linux/netfilter_ipv4.h>
+#include <linux/netfilter_ip.h>
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/proc_fs.h>
diff -Nru a/net/ipv4/netfilter/ip_fw_compat.c b/net/ipv4/netfilter/ip_fw_compat.c
--- a/net/ipv4/netfilter/ip_fw_compat.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv4/netfilter/ip_fw_compat.c 2004-10-01 15:44:14 +02:00
@@ -11,7 +11,7 @@
struct notifier_block;
-#include <linux/netfilter_ipv4.h>
+#include <linux/netfilter_ip.h>
#include <linux/ip.h>
#include <net/icmp.h>
#include <linux/if.h>
diff -Nru a/net/ipv4/netfilter/ip_fw_compat_masq.c b/net/ipv4/netfilter/ip_fw_compat_masq.c
--- a/net/ipv4/netfilter/ip_fw_compat_masq.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv4/netfilter/ip_fw_compat_masq.c 2004-10-01 15:44:14 +02:00
@@ -18,7 +18,7 @@
#include <linux/ip.h>
#include <linux/icmp.h>
#include <linux/udp.h>
-#include <linux/netfilter_ipv4.h>
+#include <linux/netfilter_ip.h>
#include <linux/netdevice.h>
#include <linux/inetdevice.h>
#include <linux/proc_fs.h>
diff -Nru a/net/ipv4/netfilter/ip_nat_amanda.c b/net/ipv4/netfilter/ip_nat_amanda.c
--- a/net/ipv4/netfilter/ip_nat_amanda.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv4/netfilter/ip_nat_amanda.c 2004-10-01 15:44:14 +02:00
@@ -13,14 +13,13 @@
#include <linux/kernel.h>
#include <linux/module.h>
-#include <linux/netfilter.h>
#include <linux/skbuff.h>
#include <linux/ip.h>
#include <linux/udp.h>
#include <net/tcp.h>
#include <net/udp.h>
-#include <linux/netfilter_ipv4.h>
+#include <linux/netfilter_ip.h>
#include <linux/netfilter_ipv4/ip_nat.h>
#include <linux/netfilter_ipv4/ip_nat_helper.h>
#include <linux/netfilter_ipv4/ip_conntrack_helper.h>
diff -Nru a/net/ipv4/netfilter/ip_nat_core.c b/net/ipv4/netfilter/ip_nat_core.c
--- a/net/ipv4/netfilter/ip_nat_core.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv4/netfilter/ip_nat_core.c 2004-10-01 15:44:14 +02:00
@@ -12,7 +12,7 @@
#include <linux/types.h>
#include <linux/timer.h>
#include <linux/skbuff.h>
-#include <linux/netfilter_ipv4.h>
+#include <linux/netfilter_ip.h>
#include <linux/vmalloc.h>
#include <net/checksum.h>
#include <net/icmp.h>
diff -Nru a/net/ipv4/netfilter/ip_nat_ftp.c b/net/ipv4/netfilter/ip_nat_ftp.c
--- a/net/ipv4/netfilter/ip_nat_ftp.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv4/netfilter/ip_nat_ftp.c 2004-10-01 15:44:14 +02:00
@@ -9,7 +9,7 @@
*/
#include <linux/module.h>
-#include <linux/netfilter_ipv4.h>
+#include <linux/netfilter_ip.h>
#include <linux/ip.h>
#include <linux/tcp.h>
#include <linux/moduleparam.h>
diff -Nru a/net/ipv4/netfilter/ip_nat_helper.c b/net/ipv4/netfilter/ip_nat_helper.c
--- a/net/ipv4/netfilter/ip_nat_helper.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv4/netfilter/ip_nat_helper.c 2004-10-01 15:44:14 +02:00
@@ -21,7 +21,7 @@
#include <linux/types.h>
#include <linux/timer.h>
#include <linux/skbuff.h>
-#include <linux/netfilter_ipv4.h>
+#include <linux/netfilter_ip.h>
#include <net/checksum.h>
#include <net/icmp.h>
#include <net/ip.h>
diff -Nru a/net/ipv4/netfilter/ip_nat_irc.c b/net/ipv4/netfilter/ip_nat_irc.c
--- a/net/ipv4/netfilter/ip_nat_irc.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv4/netfilter/ip_nat_irc.c 2004-10-01 15:44:14 +02:00
@@ -17,7 +17,7 @@
*/
#include <linux/module.h>
-#include <linux/netfilter_ipv4.h>
+#include <linux/netfilter_ip.h>
#include <linux/ip.h>
#include <linux/tcp.h>
#include <linux/kernel.h>
diff -Nru a/net/ipv4/netfilter/ip_nat_rule.c b/net/ipv4/netfilter/ip_nat_rule.c
--- a/net/ipv4/netfilter/ip_nat_rule.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv4/netfilter/ip_nat_rule.c 2004-10-01 15:44:14 +02:00
@@ -9,8 +9,7 @@
/* Everything about the rules for NAT. */
#include <linux/types.h>
#include <linux/ip.h>
-#include <linux/netfilter.h>
-#include <linux/netfilter_ipv4.h>
+#include <linux/netfilter_ip.h>
#include <linux/module.h>
#include <linux/kmod.h>
#include <linux/skbuff.h>
diff -Nru a/net/ipv4/netfilter/ip_nat_snmp_basic.c b/net/ipv4/netfilter/ip_nat_snmp_basic.c
--- a/net/ipv4/netfilter/ip_nat_snmp_basic.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv4/netfilter/ip_nat_snmp_basic.c 2004-10-01 15:44:14 +02:00
@@ -48,7 +48,7 @@
#include <linux/types.h>
#include <linux/kernel.h>
#include <linux/moduleparam.h>
-#include <linux/netfilter_ipv4.h>
+#include <linux/netfilter_ip.h>
#include <linux/netfilter_ipv4/ip_nat.h>
#include <linux/netfilter_ipv4/ip_nat_helper.h>
#include <linux/ip.h>
diff -Nru a/net/ipv4/netfilter/ip_nat_standalone.c b/net/ipv4/netfilter/ip_nat_standalone.c
--- a/net/ipv4/netfilter/ip_nat_standalone.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv4/netfilter/ip_nat_standalone.c 2004-10-01 15:44:14 +02:00
@@ -22,8 +22,7 @@
#include <linux/types.h>
#include <linux/icmp.h>
#include <linux/ip.h>
-#include <linux/netfilter.h>
-#include <linux/netfilter_ipv4.h>
+#include <linux/netfilter_ip.h>
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/proc_fs.h>
diff -Nru a/net/ipv4/netfilter/ip_nat_tftp.c b/net/ipv4/netfilter/ip_nat_tftp.c
--- a/net/ipv4/netfilter/ip_nat_tftp.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv4/netfilter/ip_nat_tftp.c 2004-10-01 15:44:14 +02:00
@@ -22,7 +22,7 @@
*/
#include <linux/module.h>
-#include <linux/netfilter_ipv4.h>
+#include <linux/netfilter_ip.h>
#include <linux/ip.h>
#include <linux/udp.h>
diff -Nru a/net/ipv4/netfilter/ipt_MASQUERADE.c b/net/ipv4/netfilter/ipt_MASQUERADE.c
--- a/net/ipv4/netfilter/ipt_MASQUERADE.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv4/netfilter/ipt_MASQUERADE.c 2004-10-01 15:44:14 +02:00
@@ -14,11 +14,10 @@
#include <linux/ip.h>
#include <linux/timer.h>
#include <linux/module.h>
-#include <linux/netfilter.h>
#include <net/protocol.h>
#include <net/ip.h>
#include <net/checksum.h>
-#include <linux/netfilter_ipv4.h>
+#include <linux/netfilter_ip.h>
#include <linux/netfilter_ipv4/ip_nat_rule.h>
#include <linux/netfilter_ipv4/ip_tables.h>
diff -Nru a/net/ipv4/netfilter/ipt_NETMAP.c b/net/ipv4/netfilter/ipt_NETMAP.c
--- a/net/ipv4/netfilter/ipt_NETMAP.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv4/netfilter/ipt_NETMAP.c 2004-10-01 15:44:14 +02:00
@@ -14,8 +14,7 @@
#include <linux/ip.h>
#include <linux/module.h>
#include <linux/netdevice.h>
-#include <linux/netfilter.h>
-#include <linux/netfilter_ipv4.h>
+#include <linux/netfilter_ip.h>
#include <linux/netfilter_ipv4/ip_nat_rule.h>
#define MODULENAME "NETMAP"
diff -Nru a/net/ipv4/netfilter/ipt_REDIRECT.c b/net/ipv4/netfilter/ipt_REDIRECT.c
--- a/net/ipv4/netfilter/ipt_REDIRECT.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv4/netfilter/ipt_REDIRECT.c 2004-10-01 15:44:14 +02:00
@@ -11,13 +11,12 @@
#include <linux/ip.h>
#include <linux/timer.h>
#include <linux/module.h>
-#include <linux/netfilter.h>
#include <linux/netdevice.h>
#include <linux/if.h>
#include <linux/inetdevice.h>
#include <net/protocol.h>
#include <net/checksum.h>
-#include <linux/netfilter_ipv4.h>
+#include <linux/netfilter_ip.h>
#include <linux/netfilter_ipv4/ip_nat_rule.h>
MODULE_LICENSE("GPL");
diff -Nru a/net/ipv4/netfilter/ipt_SAME.c b/net/ipv4/netfilter/ipt_SAME.c
--- a/net/ipv4/netfilter/ipt_SAME.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv4/netfilter/ipt_SAME.c 2004-10-01 15:44:14 +02:00
@@ -27,13 +27,12 @@
#include <linux/ip.h>
#include <linux/timer.h>
#include <linux/module.h>
-#include <linux/netfilter.h>
#include <linux/netdevice.h>
#include <linux/if.h>
#include <linux/inetdevice.h>
#include <net/protocol.h>
#include <net/checksum.h>
-#include <linux/netfilter_ipv4.h>
+#include <linux/netfilter_ip.h>
#include <linux/netfilter_ipv4/ip_nat_rule.h>
#include <linux/netfilter_ipv4/ipt_SAME.h>
diff -Nru a/net/ipv4/raw.c b/net/ipv4/raw.c
--- a/net/ipv4/raw.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv4/raw.c 2004-10-01 15:44:14 +02:00
@@ -78,7 +78,7 @@
#include <linux/proc_fs.h>
#include <linux/seq_file.h>
#include <linux/netfilter.h>
-#include <linux/netfilter_ipv4.h>
+#include <linux/netfilter_ip.h>
struct hlist_head raw_v4_htable[RAWV4_HTABLE_SIZE];
rwlock_t raw_v4_lock = RW_LOCK_UNLOCKED;
diff -Nru a/net/ipv4/route.c b/net/ipv4/route.c
--- a/net/ipv4/route.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv4/route.c 2004-10-01 15:44:14 +02:00
@@ -85,7 +85,7 @@
#include <linux/igmp.h>
#include <linux/pkt_sched.h>
#include <linux/mroute.h>
-#include <linux/netfilter_ipv4.h>
+#include <linux/netfilter_ip.h>
#include <linux/random.h>
#include <linux/jhash.h>
#include <linux/rcupdate.h>
diff -Nru a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c
--- a/net/ipv6/ip6_input.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv6/ip6_input.c 2004-10-01 15:44:14 +02:00
@@ -31,8 +31,7 @@
#include <linux/in6.h>
#include <linux/icmpv6.h>
-#include <linux/netfilter.h>
-#include <linux/netfilter_ipv6.h>
+#include <linux/netfilter_ip.h>
#include <net/sock.h>
#include <net/snmp.h>
@@ -115,7 +114,7 @@
hdr = skb->nh.ipv6h;
}
- return NF_HOOK(PF_INET6,NF_IP6_PRE_ROUTING, skb, dev, NULL, ip6_rcv_finish);
+ return NF_HOOK(PF_INET6, NF_IP_PRE_ROUTING, skb, dev, NULL, ip6_rcv_finish);
truncated:
IP6_INC_STATS_BH(IPSTATS_MIB_INTRUNCATEDPKTS);
err:
@@ -218,7 +217,7 @@
int ip6_input(struct sk_buff *skb)
{
- return NF_HOOK(PF_INET6,NF_IP6_LOCAL_IN, skb, skb->dev, NULL, ip6_input_finish);
+ return NF_HOOK(PF_INET6, NF_IP_LOCAL_IN, skb, skb->dev, NULL, ip6_input_finish);
}
int ip6_mc_input(struct sk_buff *skb)
diff -Nru a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
--- a/net/ipv6/ip6_output.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv6/ip6_output.c 2004-10-01 15:44:14 +02:00
@@ -40,8 +40,7 @@
#include <linux/tcp.h>
#include <linux/route.h>
-#include <linux/netfilter.h>
-#include <linux/netfilter_ipv6.h>
+#include <linux/netfilter_ip.h>
#include <net/sock.h>
#include <net/snmp.h>
@@ -129,7 +128,7 @@
is not supported in any case.
*/
if (newskb)
- NF_HOOK(PF_INET6, NF_IP6_POST_ROUTING, newskb, NULL,
+ NF_HOOK(PF_INET6, NF_IP_POST_ROUTING, newskb, NULL,
newskb->dev,
ip6_dev_loopback_xmit);
@@ -143,7 +142,7 @@
IP6_INC_STATS(IPSTATS_MIB_OUTMCASTPKTS);
}
- return NF_HOOK(PF_INET6, NF_IP6_POST_ROUTING, skb,NULL, skb->dev,ip6_output_finish);
+ return NF_HOOK(PF_INET6, NF_IP_POST_ROUTING, skb,NULL, skb->dev,ip6_output_finish);
}
int ip6_output(struct sk_buff **pskb)
@@ -267,7 +266,7 @@
mtu = dst_pmtu(dst);
if ((skb->len <= mtu) || ipfragok) {
IP6_INC_STATS(IPSTATS_MIB_OUTREQUESTS);
- return NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, ip6_maybe_reroute);
+ return NF_HOOK(PF_INET6, NF_IP_LOCAL_OUT, skb, NULL, dst->dev, ip6_maybe_reroute);
}
if (net_ratelimit())
@@ -451,7 +450,7 @@
hdr->hop_limit--;
IP6_INC_STATS_BH(IPSTATS_MIB_OUTFORWDATAGRAMS);
- return NF_HOOK(PF_INET6,NF_IP6_FORWARD, skb, skb->dev, dst->dev, ip6_forward_finish);
+ return NF_HOOK(PF_INET6, NF_IP_FORWARD, skb, skb->dev, dst->dev, ip6_forward_finish);
error:
IP6_INC_STATS_BH(IPSTATS_MIB_INADDRERRORS);
@@ -1142,7 +1141,7 @@
skb->dst = dst_clone(&rt->u.dst);
IP6_INC_STATS(IPSTATS_MIB_OUTREQUESTS);
- err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, skb->dst->dev, dst_output);
+ err = NF_HOOK(PF_INET6, NF_IP_LOCAL_OUT, skb, NULL, skb->dst->dev, dst_output);
if (err) {
if (err > 0)
err = inet->recverr ? net_xmit_errno(err) : 0;
diff -Nru a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
--- a/net/ipv6/ip6_tunnel.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv6/ip6_tunnel.c 2004-10-01 15:44:14 +02:00
@@ -36,7 +36,7 @@
#include <linux/init.h>
#include <linux/route.h>
#include <linux/rtnetlink.h>
-#include <linux/netfilter_ipv6.h>
+#include <linux/netfilter_ip.h>
#include <asm/uaccess.h>
#include <asm/atomic.h>
@@ -742,7 +742,7 @@
ipv6_addr_copy(&ipv6h->daddr, &fl.fl6_dst);
nf_reset(skb);
pkt_len = skb->len;
- err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL,
+ err = NF_HOOK(PF_INET6, NF_IP_LOCAL_OUT, skb, NULL,
skb->dst->dev, dst_output);
if (err == NET_XMIT_SUCCESS || err == NET_XMIT_CN) {
diff -Nru a/net/ipv6/mcast.c b/net/ipv6/mcast.c
--- a/net/ipv6/mcast.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv6/mcast.c 2004-10-01 15:44:14 +02:00
@@ -47,8 +47,7 @@
#include <linux/proc_fs.h>
#include <linux/seq_file.h>
-#include <linux/netfilter.h>
-#include <linux/netfilter_ipv6.h>
+#include <linux/netfilter_ip.h>
#include <net/sock.h>
#include <net/snmp.h>
@@ -1327,7 +1326,7 @@
pmr->csum = csum_ipv6_magic(&pip6->saddr, &pip6->daddr, mldlen,
IPPROTO_ICMPV6, csum_partial(skb->h.raw, mldlen, 0));
- err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, skb->dev,
+ err = NF_HOOK(PF_INET6, NF_IP_LOCAL_OUT, skb, NULL, skb->dev,
dev_queue_xmit);
if (!err) {
ICMP6_INC_STATS(idev,ICMP6_MIB_OUTMSGS);
@@ -1666,7 +1665,7 @@
idev = in6_dev_get(skb->dev);
- err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, skb->dev,
+ err = NF_HOOK(PF_INET6, NF_IP_LOCAL_OUT, skb, NULL, skb->dev,
dev_queue_xmit);
if (!err) {
if (type == ICMPV6_MGM_REDUCTION)
diff -Nru a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
--- a/net/ipv6/ndisc.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv6/ndisc.c 2004-10-01 15:44:14 +02:00
@@ -82,8 +82,7 @@
#include <net/ip6_checksum.h>
#include <linux/proc_fs.h>
-#include <linux/netfilter.h>
-#include <linux/netfilter_ipv6.h>
+#include <linux/netfilter_ip.h>
static struct socket *ndisc_socket;
@@ -461,7 +460,7 @@
skb->dst = dst;
idev = in6_dev_get(dst->dev);
IP6_INC_STATS(IPSTATS_MIB_OUTREQUESTS);
- err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, dst_output);
+ err = NF_HOOK(PF_INET6, NF_IP_LOCAL_OUT, skb, NULL, dst->dev, dst_output);
if (!err) {
ICMP6_INC_STATS(idev, ICMP6_MIB_OUTNEIGHBORADVERTISEMENTS);
ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS);
@@ -545,7 +544,7 @@
skb->dst = dst;
idev = in6_dev_get(dst->dev);
IP6_INC_STATS(IPSTATS_MIB_OUTREQUESTS);
- err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, dst_output);
+ err = NF_HOOK(PF_INET6, NF_IP_LOCAL_OUT, skb, NULL, dst->dev, dst_output);
if (!err) {
ICMP6_INC_STATS(idev, ICMP6_MIB_OUTNEIGHBORSOLICITS);
ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS);
@@ -618,7 +617,7 @@
skb->dst = dst;
idev = in6_dev_get(dst->dev);
IP6_INC_STATS(IPSTATS_MIB_OUTREQUESTS);
- err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, dst_output);
+ err = NF_HOOK(PF_INET6, NF_IP_LOCAL_OUT, skb, NULL, dst->dev, dst_output);
if (!err) {
ICMP6_INC_STATS(idev, ICMP6_MIB_OUTROUTERSOLICITS);
ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS);
@@ -1345,7 +1344,7 @@
buff->dst = dst;
idev = in6_dev_get(dst->dev);
IP6_INC_STATS(IPSTATS_MIB_OUTREQUESTS);
- err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, buff, NULL, dst->dev, dst_output);
+ err = NF_HOOK(PF_INET6, NF_IP_LOCAL_OUT, buff, NULL, dst->dev, dst_output);
if (!err) {
ICMP6_INC_STATS(idev, ICMP6_MIB_OUTREDIRECTS);
ICMP6_INC_STATS(idev, ICMP6_MIB_OUTMSGS);
diff -Nru a/net/ipv6/netfilter/ip6_conntrack_core.c b/net/ipv6/netfilter/ip6_conntrack_core.c
--- a/net/ipv6/netfilter/ip6_conntrack_core.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv6/netfilter/ip6_conntrack_core.c 2004-10-01 15:44:14 +02:00
@@ -31,8 +31,7 @@
#include <linux/types.h>
#include <linux/icmpv6.h>
#include <linux/ipv6.h>
-#include <linux/netfilter.h>
-#include <linux/netfilter_ipv6.h>
+#include <linux/netfilter_ip.h>
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/proc_fs.h>
diff -Nru a/net/ipv6/netfilter/ip6_conntrack_reasm.c b/net/ipv6/netfilter/ip6_conntrack_reasm.c
--- a/net/ipv6/netfilter/ip6_conntrack_reasm.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv6/netfilter/ip6_conntrack_reasm.c 2004-10-01 15:44:14 +02:00
@@ -41,8 +41,7 @@
#include <net/ndisc.h>
#include <net/addrconf.h>
#include <linux/sysctl.h>
-#include <linux/netfilter.h>
-#include <linux/netfilter_ipv6.h>
+#include <linux/netfilter_ip.h>
#include <linux/kernel.h>
#include <linux/module.h>
diff -Nru a/net/ipv6/netfilter/ip6_conntrack_standalone.c b/net/ipv6/netfilter/ip6_conntrack_standalone.c
--- a/net/ipv6/netfilter/ip6_conntrack_standalone.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv6/netfilter/ip6_conntrack_standalone.c 2004-10-01 15:44:14 +02:00
@@ -26,8 +26,7 @@
#include <linux/types.h>
#include <linux/ipv6.h>
-#include <linux/netfilter.h>
-#include <linux/netfilter_ipv6.h>
+#include <linux/netfilter_ip.h>
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/proc_fs.h>
@@ -220,16 +219,16 @@
.hook = ip6_conntrack_reasm,
.owner = THIS_MODULE,
.pf = PF_INET6,
- .hooknum = NF_IP6_PRE_ROUTING,
- .priority = NF_IP6_PRI_CONNTRACK,
+ .hooknum = NF_IP_PRE_ROUTING,
+ .priority = NF_IP_PRI_CONNTRACK,
};
static struct nf_hook_ops ip6_conntrack_local_out_ops = {
.hook = ip6_conntrack_local,
.owner = THIS_MODULE,
.pf = PF_INET6,
- .hooknum = NF_IP6_LOCAL_OUT,
- .priority = NF_IP6_PRI_CONNTRACK,
+ .hooknum = NF_IP_LOCAL_OUT,
+ .priority = NF_IP_PRI_CONNTRACK,
};
/* Refragmenter; last chance. */
@@ -237,16 +236,16 @@
.hook = ip6_conntrack_out,
.owner = THIS_MODULE,
.pf = PF_INET6,
- .hooknum = NF_IP6_POST_ROUTING,
- .priority = NF_IP6_PRI_LAST,
+ .hooknum = NF_IP_POST_ROUTING,
+ .priority = NF_IP_PRI_LAST,
};
static struct nf_hook_ops ip6_conntrack_local_in_ops = {
.hook = ip6_confirm,
.owner = THIS_MODULE,
.pf = PF_INET6,
- .hooknum = NF_IP6_LOCAL_IN,
- .priority = NF_IP6_PRI_LAST-1,
+ .hooknum = NF_IP_LOCAL_IN,
+ .priority = NF_IP_PRI_LAST-1,
};
static unsigned int ip6_confirm(unsigned int hooknum,
@@ -322,10 +321,10 @@
info.outdev = out;
info.okfn = okfn;
switch (hooknum) {
- case NF_IP6_PRE_ROUTING:
+ case NF_IP_PRE_ROUTING:
info.elem = &ip6_conntrack_in_ops;
break;
- case NF_IP6_LOCAL_OUT:
+ case NF_IP_LOCAL_OUT:
info.elem = &ip6_conntrack_local_out_ops;
break;
}
diff -Nru a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
--- a/net/ipv6/netfilter/ip6_tables.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv6/netfilter/ip6_tables.c 2004-10-01 15:44:14 +02:00
@@ -106,8 +106,8 @@
unsigned int initial_entries;
/* Entry points and underflows */
- unsigned int hook_entry[NF_IP6_NUMHOOKS];
- unsigned int underflow[NF_IP6_NUMHOOKS];
+ unsigned int hook_entry[NF_IP_NUMHOOKS];
+ unsigned int underflow[NF_IP_NUMHOOKS];
/* ip6t_entry tables: one per CPU */
char entries[0] ____cacheline_aligned;
@@ -582,7 +582,7 @@
/* No recursion; use packet counter to save back ptrs (reset
to 0 as we leave), and comefrom to save source hook bitmask */
- for (hook = 0; hook < NF_IP6_NUMHOOKS; hook++) {
+ for (hook = 0; hook < NF_IP_NUMHOOKS; hook++) {
unsigned int pos = newinfo->hook_entry[hook];
struct ip6t_entry *e
= (struct ip6t_entry *)(newinfo->entries + pos);
@@ -597,13 +597,13 @@
struct ip6t_standard_target *t
= (void *)ip6t_get_target(e);
- if (e->comefrom & (1 << NF_IP6_NUMHOOKS)) {
+ if (e->comefrom & (1 << NF_IP_NUMHOOKS)) {
printk("iptables: loop hook %u pos %u %08X.\n",
hook, pos, e->comefrom);
return 0;
}
e->comefrom
- |= ((1 << hook) | (1 << NF_IP6_NUMHOOKS));
+ |= ((1 << hook) | (1 << NF_IP_NUMHOOKS));
/* Unconditional return/END. */
if (e->target_offset == sizeof(struct ip6t_entry)
@@ -616,10 +616,10 @@
/* Return: backtrack through the last
big jump. */
do {
- e->comefrom ^= (1<<NF_IP6_NUMHOOKS);
+ e->comefrom ^= (1<<NF_IP_NUMHOOKS);
#ifdef DEBUG_IP_FIREWALL_USER
if (e->comefrom
- & (1 << NF_IP6_NUMHOOKS)) {
+ & (1 << NF_IP_NUMHOOKS)) {
duprintf("Back unset "
"on hook %u "
"rule %u\n",
@@ -836,7 +836,7 @@
}
/* Check hooks & underflows */
- for (h = 0; h < NF_IP6_NUMHOOKS; h++) {
+ for (h = 0; h < NF_IP_NUMHOOKS; h++) {
if ((unsigned char *)e - base == hook_entries[h])
newinfo->hook_entry[h] = hook_entries[h];
if ((unsigned char *)e - base == underflows[h])
@@ -890,7 +890,7 @@
newinfo->number = number;
/* Init all hooks to impossible value. */
- for (i = 0; i < NF_IP6_NUMHOOKS; i++) {
+ for (i = 0; i < NF_IP_NUMHOOKS; i++) {
newinfo->hook_entry[i] = 0xFFFFFFFF;
newinfo->underflow[i] = 0xFFFFFFFF;
}
@@ -914,7 +914,7 @@
}
/* Check hooks all assigned */
- for (i = 0; i < NF_IP6_NUMHOOKS; i++) {
+ for (i = 0; i < NF_IP_NUMHOOKS; i++) {
/* Only hooks which are valid */
if (!(valid_hooks & (1 << i)))
continue;
diff -Nru a/net/ipv6/netfilter/ip6t_REJECT.c b/net/ipv6/netfilter/ip6t_REJECT.c
--- a/net/ipv6/netfilter/ip6t_REJECT.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv6/netfilter/ip6t_REJECT.c 2004-10-01 15:44:14 +02:00
@@ -190,7 +190,7 @@
connection_attach(nskb, oldskb);
- NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, nskb, NULL, nskb->dst->dev,
+ NF_HOOK(PF_INET6, NF_IP_LOCAL_OUT, nskb, NULL, nskb->dst->dev,
maybe_reroute);
dst_release(dst);
@@ -338,7 +338,7 @@
IPPROTO_ICMPV6, csum);
connection_attach(nskb, skb_in);
- NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, nskb, NULL, nskb->dst->dev,
+ NF_HOOK(PF_INET6, NF_IP_LOCAL_OUT, nskb, NULL, nskb->dst->dev,
maybe_reroute);
dst_release_out:
@@ -408,9 +408,9 @@
return 0;
}
- if ((hook_mask & ~((1 << NF_IP6_LOCAL_IN)
- | (1 << NF_IP6_FORWARD)
- | (1 << NF_IP6_LOCAL_OUT))) != 0) {
+ if ((hook_mask & ~((1 << NF_IP_LOCAL_IN)
+ | (1 << NF_IP_FORWARD)
+ | (1 << NF_IP_LOCAL_OUT))) != 0) {
DEBUGP("ip6t_REJECT: bad hook mask %X\n", hook_mask);
return 0;
}
diff -Nru a/net/ipv6/netfilter/ip6t_eui64.c b/net/ipv6/netfilter/ip6t_eui64.c
--- a/net/ipv6/netfilter/ip6t_eui64.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv6/netfilter/ip6t_eui64.c 2004-10-01 15:44:14 +02:00
@@ -69,8 +69,8 @@
unsigned int hook_mask)
{
if (hook_mask
- & ~((1 << NF_IP6_PRE_ROUTING) | (1 << NF_IP6_LOCAL_IN) |
- (1 << NF_IP6_PRE_ROUTING) )) {
+ & ~((1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_IN) |
+ (1 << NF_IP_PRE_ROUTING) )) {
printk("ip6t_eui64: only valid for PRE_ROUTING, LOCAL_IN or FORWARD.\n");
return 0;
}
diff -Nru a/net/ipv6/netfilter/ip6t_mac.c b/net/ipv6/netfilter/ip6t_mac.c
--- a/net/ipv6/netfilter/ip6t_mac.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv6/netfilter/ip6t_mac.c 2004-10-01 15:44:14 +02:00
@@ -47,8 +47,8 @@
unsigned int hook_mask)
{
if (hook_mask
- & ~((1 << NF_IP6_PRE_ROUTING) | (1 << NF_IP6_LOCAL_IN)
- | (1 << NF_IP6_FORWARD))) {
+ & ~((1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_IN)
+ | (1 << NF_IP_FORWARD))) {
printk("ip6t_mac: only valid for PRE_ROUTING, LOCAL_IN or"
" FORWARD\n");
return 0;
diff -Nru a/net/ipv6/netfilter/ip6t_owner.c b/net/ipv6/netfilter/ip6t_owner.c
--- a/net/ipv6/netfilter/ip6t_owner.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv6/netfilter/ip6t_owner.c 2004-10-01 15:44:14 +02:00
@@ -136,7 +136,7 @@
unsigned int hook_mask)
{
if (hook_mask
- & ~((1 << NF_IP6_LOCAL_OUT) | (1 << NF_IP6_POST_ROUTING))) {
+ & ~((1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_POST_ROUTING))) {
printk("ip6t_owner: only valid for LOCAL_OUT or POST_ROUTING.\n");
return 0;
}
diff -Nru a/net/ipv6/netfilter/ip6table_filter.c b/net/ipv6/netfilter/ip6table_filter.c
--- a/net/ipv6/netfilter/ip6table_filter.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv6/netfilter/ip6table_filter.c 2004-10-01 15:44:14 +02:00
@@ -17,7 +17,7 @@
MODULE_AUTHOR("Netfilter Core Team <coreteam@xxxxxxxxxxxxx>");
MODULE_DESCRIPTION("ip6tables filter table");
-#define FILTER_VALID_HOOKS ((1 << NF_IP6_LOCAL_IN) | (1 << NF_IP6_FORWARD) | (1 << NF_IP6_LOCAL_OUT))
+#define FILTER_VALID_HOOKS ((1 << NF_IP_LOCAL_IN) | (1 << NF_IP_FORWARD) | (1 << NF_IP_LOCAL_OUT))
/* Standard entry. */
struct ip6t_standard
@@ -46,12 +46,12 @@
} initial_table __initdata
= { { "filter", FILTER_VALID_HOOKS, 4,
sizeof(struct ip6t_standard) * 3 + sizeof(struct ip6t_error),
- { [NF_IP6_LOCAL_IN] = 0,
- [NF_IP6_FORWARD] = sizeof(struct ip6t_standard),
- [NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard) * 2 },
- { [NF_IP6_LOCAL_IN] = 0,
- [NF_IP6_FORWARD] = sizeof(struct ip6t_standard),
- [NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard) * 2 },
+ { [NF_IP_LOCAL_IN] = 0,
+ [NF_IP_FORWARD] = sizeof(struct ip6t_standard),
+ [NF_IP_LOCAL_OUT] = sizeof(struct ip6t_standard) * 2 },
+ { [NF_IP_LOCAL_IN] = 0,
+ [NF_IP_FORWARD] = sizeof(struct ip6t_standard),
+ [NF_IP_LOCAL_OUT] = sizeof(struct ip6t_standard) * 2 },
0, NULL, { } },
{
/* LOCAL_IN */
@@ -136,22 +136,22 @@
.hook = ip6t_hook,
.owner = THIS_MODULE,
.pf = PF_INET6,
- .hooknum = NF_IP6_LOCAL_IN,
- .priority = NF_IP6_PRI_FILTER,
+ .hooknum = NF_IP_LOCAL_IN,
+ .priority = NF_IP_PRI_FILTER,
},
{
.hook = ip6t_hook,
.owner = THIS_MODULE,
.pf = PF_INET6,
- .hooknum = NF_IP6_FORWARD,
- .priority = NF_IP6_PRI_FILTER,
+ .hooknum = NF_IP_FORWARD,
+ .priority = NF_IP_PRI_FILTER,
},
{
.hook = ip6t_local_out_hook,
.owner = THIS_MODULE,
.pf = PF_INET6,
- .hooknum = NF_IP6_LOCAL_OUT,
- .priority = NF_IP6_PRI_FILTER,
+ .hooknum = NF_IP_LOCAL_OUT,
+ .priority = NF_IP_PRI_FILTER,
},
};
diff -Nru a/net/ipv6/netfilter/ip6table_mangle.c b/net/ipv6/netfilter/ip6table_mangle.c
--- a/net/ipv6/netfilter/ip6table_mangle.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv6/netfilter/ip6table_mangle.c 2004-10-01 15:44:14 +02:00
@@ -17,11 +17,11 @@
MODULE_AUTHOR("Netfilter Core Team <coreteam@xxxxxxxxxxxxx>");
MODULE_DESCRIPTION("ip6tables mangle table");
-#define MANGLE_VALID_HOOKS ((1 << NF_IP6_PRE_ROUTING) | \
- (1 << NF_IP6_LOCAL_IN) | \
- (1 << NF_IP6_FORWARD) | \
- (1 << NF_IP6_LOCAL_OUT) | \
- (1 << NF_IP6_POST_ROUTING))
+#define MANGLE_VALID_HOOKS ((1 << NF_IP_PRE_ROUTING) | \
+ (1 << NF_IP_LOCAL_IN) | \
+ (1 << NF_IP_FORWARD) | \
+ (1 << NF_IP_LOCAL_OUT) | \
+ (1 << NF_IP_POST_ROUTING))
#if 0
#define DEBUGP(x, args...) printk(KERN_DEBUG x, ## args)
@@ -56,16 +56,16 @@
} initial_table __initdata
= { { "mangle", MANGLE_VALID_HOOKS, 6,
sizeof(struct ip6t_standard) * 5 + sizeof(struct ip6t_error),
- { [NF_IP6_PRE_ROUTING] = 0,
- [NF_IP6_LOCAL_IN] = sizeof(struct ip6t_standard),
- [NF_IP6_FORWARD] = sizeof(struct ip6t_standard) * 2,
- [NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard) * 3,
- [NF_IP6_POST_ROUTING] = sizeof(struct ip6t_standard) * 4},
- { [NF_IP6_PRE_ROUTING] = 0,
- [NF_IP6_LOCAL_IN] = sizeof(struct ip6t_standard),
- [NF_IP6_FORWARD] = sizeof(struct ip6t_standard) * 2,
- [NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard) * 3,
- [NF_IP6_POST_ROUTING] = sizeof(struct ip6t_standard) * 4},
+ { [NF_IP_PRE_ROUTING] = 0,
+ [NF_IP_LOCAL_IN] = sizeof(struct ip6t_standard),
+ [NF_IP_FORWARD] = sizeof(struct ip6t_standard) * 2,
+ [NF_IP_LOCAL_OUT] = sizeof(struct ip6t_standard) * 3,
+ [NF_IP_POST_ROUTING] = sizeof(struct ip6t_standard) * 4},
+ { [NF_IP_PRE_ROUTING] = 0,
+ [NF_IP_LOCAL_IN] = sizeof(struct ip6t_standard),
+ [NF_IP_FORWARD] = sizeof(struct ip6t_standard) * 2,
+ [NF_IP_LOCAL_OUT] = sizeof(struct ip6t_standard) * 3,
+ [NF_IP_POST_ROUTING] = sizeof(struct ip6t_standard) * 4},
0, NULL, { } },
{
/* PRE_ROUTING */
@@ -199,36 +199,36 @@
.hook = ip6t_route_hook,
.owner = THIS_MODULE,
.pf = PF_INET6,
- .hooknum = NF_IP6_PRE_ROUTING,
- .priority = NF_IP6_PRI_MANGLE,
+ .hooknum = NF_IP_PRE_ROUTING,
+ .priority = NF_IP_PRI_MANGLE,
},
{
.hook = ip6t_local_hook,
.owner = THIS_MODULE,
.pf = PF_INET6,
- .hooknum = NF_IP6_LOCAL_IN,
- .priority = NF_IP6_PRI_MANGLE,
+ .hooknum = NF_IP_LOCAL_IN,
+ .priority = NF_IP_PRI_MANGLE,
},
{
.hook = ip6t_route_hook,
.owner = THIS_MODULE,
.pf = PF_INET6,
- .hooknum = NF_IP6_FORWARD,
- .priority = NF_IP6_PRI_MANGLE,
+ .hooknum = NF_IP_FORWARD,
+ .priority = NF_IP_PRI_MANGLE,
},
{
.hook = ip6t_local_hook,
.owner = THIS_MODULE,
.pf = PF_INET6,
- .hooknum = NF_IP6_LOCAL_OUT,
- .priority = NF_IP6_PRI_MANGLE,
+ .hooknum = NF_IP_LOCAL_OUT,
+ .priority = NF_IP_PRI_MANGLE,
},
{
.hook = ip6t_route_hook,
.owner = THIS_MODULE,
.pf = PF_INET6,
- .hooknum = NF_IP6_POST_ROUTING,
- .priority = NF_IP6_PRI_MANGLE,
+ .hooknum = NF_IP_POST_ROUTING,
+ .priority = NF_IP_PRI_MANGLE,
},
};
diff -Nru a/net/ipv6/netfilter/ip6table_raw.c b/net/ipv6/netfilter/ip6table_raw.c
--- a/net/ipv6/netfilter/ip6table_raw.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv6/netfilter/ip6table_raw.c 2004-10-01 15:44:14 +02:00
@@ -6,7 +6,7 @@
#include <linux/module.h>
#include <linux/netfilter_ipv6/ip6_tables.h>
-#define RAW_VALID_HOOKS ((1 << NF_IP6_PRE_ROUTING) | (1 << NF_IP6_LOCAL_OUT))
+#define RAW_VALID_HOOKS ((1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_LOCAL_OUT))
#if 0
#define DEBUGP(x, args...) printk(KERN_DEBUG x, ## args)
@@ -45,12 +45,12 @@
.num_entries = 3,
.size = sizeof(struct ip6t_standard) * 2 + sizeof(struct ip6t_error),
.hook_entry = {
- [NF_IP6_PRE_ROUTING] = 0,
- [NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard)
+ [NF_IP_PRE_ROUTING] = 0,
+ [NF_IP_LOCAL_OUT] = sizeof(struct ip6t_standard)
},
.underflow = {
- [NF_IP6_PRE_ROUTING] = 0,
- [NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard)
+ [NF_IP_PRE_ROUTING] = 0,
+ [NF_IP_LOCAL_OUT] = sizeof(struct ip6t_standard)
},
},
.entries = {
@@ -129,14 +129,14 @@
{
.hook = ip6t_hook,
.pf = PF_INET6,
- .hooknum = NF_IP6_PRE_ROUTING,
- .priority = NF_IP6_PRI_FIRST
+ .hooknum = NF_IP_PRE_ROUTING,
+ .priority = NF_IP_PRI_FIRST
},
{
.hook = ip6t_hook,
.pf = PF_INET6,
- .hooknum = NF_IP6_LOCAL_OUT,
- .priority = NF_IP6_PRI_FIRST
+ .hooknum = NF_IP_LOCAL_OUT,
+ .priority = NF_IP_PRI_FIRST
},
};
diff -Nru a/net/ipv6/raw.c b/net/ipv6/raw.c
--- a/net/ipv6/raw.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv6/raw.c 2004-10-01 15:44:14 +02:00
@@ -30,8 +30,7 @@
#include <linux/netdevice.h>
#include <linux/if_arp.h>
#include <linux/icmpv6.h>
-#include <linux/netfilter.h>
-#include <linux/netfilter_ipv6.h>
+#include <linux/netfilter_ip.h>
#include <asm/uaccess.h>
#include <asm/ioctls.h>
@@ -539,7 +538,7 @@
goto error_fault;
IP6_INC_STATS(IPSTATS_MIB_OUTREQUESTS);
- err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, rt->u.dst.dev,
+ err = NF_HOOK(PF_INET6, NF_IP_LOCAL_OUT, skb, NULL, rt->u.dst.dev,
dst_output);
if (err > 0)
err = inet->recverr ? net_xmit_errno(err) : 0;
diff -Nru a/net/ipv6/sit.c b/net/ipv6/sit.c
--- a/net/ipv6/sit.c 2004-10-01 15:44:14 +02:00
+++ b/net/ipv6/sit.c 2004-10-01 15:44:14 +02:00
@@ -32,7 +32,7 @@
#include <linux/icmp.h>
#include <asm/uaccess.h>
#include <linux/init.h>
-#include <linux/netfilter_ipv4.h>
+#include <linux/netfilter_ip.h>
#include <net/sock.h>
#include <net/snmp.h>